Kaspersky virus removal tool windows xp - Crack Key For U

December 24, 2021


Free Virus Removal Tool - Kaspersky

Essential antivirus for Windows – blocks viruses & cryptocurrency-mining malware. Run Kaspersky Virus Removal Tool.

My computer start up time (I mean time for all programs to load up) is about 5 minutes now. I want to reduce some programs from starting up, though I have refrained myself from doing so.

Logfile of random's system information tool 1.08 (written by random/random)
Run by Munna at 2010-12-04
Microsoft Windows XP Professional Service Pack 3
System drive C: has 1 GB (7%) free of 15 GB
Total RAM: 511 MB (36% free)

Logfile of Trend Micro Hijack This v2.0.4
Scan saved at AM, on 12/4/2010
Platform: Windows XP SP3 (Win NT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Okay, no problem. Before we move to the next part of the fix, there are a couple of things that were brought to my attention:

1. Your RSIT log shows that you only have 7% free disk space available. You might want to consider freeing up some space, because the Windows recommended free space is 15%.
2. Do the windows open when you press any specific key combination? Your RSIT log also shows that your IE homepage is still set to About: Blank.

So, not wasting ur time, I would say U to proceed with other problems like firefox popping up in cs 1.6. Is it possible that you may have some shortcut key assigned to Firefox? Do the windows open when you stand idle in the game? It might be because Kaspersky is interfering with the fix. My hypothesis is, whenever there is a program running and the computer notices keystrokes then the malware opens up a firefox browser. Do you have to be connected to a server before the windows open? Could you please verify that for me, since I am not familiar with Kaspersky's software.
Or do the windows open when viewing the main menu too? There is no shortcut key for firefox, as far as my knowledge is concerned. Web F:\SOFTWARES\Internet\Messengers\Zwinky Setup2.3.50.53. ZJfox000 You might see these and say that I have kept a large number of malwares but I used these programs in the past, when I didn't know anything about Virus. Now for the next attempt at the fix: Please close all your browsers. But the problem is my HDD is only 80gb, and I have things that I can't do away with. If I don't get a response within three days, I'll give a bump of this topic just to make sure everything's alright. I don't think the add-on would be effective when firefox is completely closed. Zwinky.exe/data004712/10/2010 PM Deleted: not-a-virus: Garbage. Now I have just kept these things without ever executing them. Click on Start / Run, Enter the following command: firefox -safe-mode Click Continue In Safe Mode. While you are in Safe Mode, your settings will be reverted back to their defaults. So I need some time before I burn my important stuffs to DVD and consequently relieve my hard disk from congestion. If safe mode did, indeed, fix the problem, then we can proceed through some steps to permanently remove the redirects. Mostly, the firefox pops up when playing in any server (I have tested on 4-5 servers). Web F:\SOFTWARES\Internet\Messengers\Zwinky Setup2.3.50.53.
If U say I could scan F: specially and post the report afterwards.

---------- OTL LOG ----------------
OTL logfile created on: 12/10/2010 PM - Run 3
OTL by OldTimer - Version 3.2.17.3 Folder = F:\SOFTWARES\Malware Removal tool
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
511.00 Mb Total Physical Memory | 207.00 Mb Available Physical Memory | 40.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 68.00% Paging File free
Paging file location(s): C:\768 1536 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 15.00 Gb Total Space | 1.45 Gb Free Space | 9.67% Space Free | Partition Type: NTFS
Drive D: | 20.00 Gb Total Space | 0.27 Gb Free Space | 1.35% Space Free | Partition Type: NTFS
Drive E: | 15.00 Gb Total Space | 0.40 Gb Free Space | 2.65% Space Free | Partition Type: NTFS
Drive F: | 24.52 Gb Total Space | 1.05 Gb Free Space | 4.30% Space Free | Partition Type: NTFS
Drive G: | 3.94 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: HOME | User Name: Munna | Logged in as Administrator.

I am certain that I had set my homepage in IE explorer. The reason of opening is still unknown as, for example- pressing ctrl key, opened the firefox, but trying again won't give the same results.
So I checked it again and I found google to be my homepage. I need some time before I verify whether that safe mode thing solves my redirection problem or not. As U can see it's unpredictable and hard to test anything.
Because at times, this redirection problem doesn't occur and on the other, it happens frequently.
These days I haven't replied U because I was trying to find out some pattern in these but failed! These days I am not facing any redirection problem but still I know it's lurking around somewhere. 1 thing I am sure of i.e, all my problem vanishes if I suspend the netsvcs svchost.

I'd like to make sure your Firefox is still not infected. So, first, please uninstall FF completely and do a clean reinstall.

Please click here to download Kaspersky Virus Removal Tool.
1. Double click on the file you just downloaded and let it install.
2. After that leave what is selected and put a check next to My Computer.
4. Click on the option that says Threat Detection and change it to Disinfect, delete if disinfection fails.
5. Before it is done it may prompt for action regardless of the setting so choose delete if prompted.
7. Click on the bottom where it says Report to open the report.
9. Then highlight all of the items found by using ctrl a on your keyboard to select all or use your mouse to select all then right click and choose copy.
10.
This will copy the items that it found to the clipboard you can then open notepad (go to start then run then type in notepad) and choose paste to paste the contents into Notepad.
11. Post the contents of the document in your next reply.
Note: This tool will self uninstall when you close it so please save the log before closing it

Hi!
I have done the scan through Kaspersky Removal Tool, though the scan didn't complete as my computer restarted of its own. The scan went up to E: and was in the F: where my PC got restarted. My PC has been getting restarted but I think the reason behind it was my Motherboard. I am hoping to upgrade my PC in next 6 months, though it may take longer than that.
Therefore I can't think of formatting my computer, within these 6 months, as it might freeze during the installation.

Autoscan: malfunction (events: 19, objects: 0, time: Unknown)
Page[HKEY_CLASSES_ROOT\CLSID\\shell\No Add Ons]"" = Start Without Add-ons"Legacy Disable" = [HKEY_CLASSES_ROOT\CLSID\\shell\No Add Ons\Command]"" = "C:\Program Files\Internet Explorer\iexplore.exe" -extoff -- [2009/03/08 | 000,638,816 | ---- | M] (Microsoft Corporation)[HKEY_CLASSES_ROOT\CLSID\\shell\Open Home Page]"" = Open &Home Page"MUIVerb" = @shdoclc.dll,-10241 -- [2008/04/13 | 000,549,376 | ---- | M] (Microsoft Corporation)"Legacy Disable" = [HKEY_CLASSES_ROOT\CLSID\\shell\Open Home Page\Command]"" = "%programfiles%\internet explorer\iexplore.exe" -- [2009/03/08 | 000,638,816 | ---- | M] (Microsoft Corporation)[HKEY_CLASSES_ROOT\CLSID\\Shellex][HKEY_CLASSES_ROOT\CLSID\\Shellex\Context Menu Handlers][HKEY_CLASSES_ROOT\CLSID\\Shellex\Context Menu Handlers\ieframe]"" = [HKEY_CLASSES_ROOT\CLSID\\Shellex\May Change Default Menu]"" = [HKEY_CLASSES_ROOT\CLSID\\Shell Folder]"Attributes" = 36"Hide Folder Verbs" = "Wants Parse Display Name" = "Hide On Desktop Per User" = "" = C:\WINDOWS\system32\ieframe.dll,-190 -- [2009/03/08 | 011,063,808 | ---- | M] (Microsoft Corporation)"Hide As Delete Per User" = "Default Scope" = "Download Retries" = 0"Download Updates" = 1"Version" = 2"Upgrade Time" = 9A FD DE E3 25 30 CB 01 [binary data][HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search Scopes\]"Suggestions URLFallback" = query=&maxwidth=&rowheight=§ion Height=&FORM=IE8SSC&market="Favicon URLFallback" = = For now take a look at the OTL Log that was generated from ur last told fix. q=&src=IE-Search Box&FORM=IE8SRC"Favicon Path" = C:\Documents and Settings\Munna\Local Settings\Application Data\Microsoft\Internet Explorer\Services\search_-- [2010/07/31 | 000,000,894 | ---- | M] ()"Display Name" = Bing"Show Search Suggestions" = 0 Hi! ========== OTL ========== Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Current Version\Explorer\Browser Helper Objects\\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\\ not found. 
Do I need to remove the saved passwords from Firefox too? I was liking the way I got logged on to any of my accounts with just a click. I need some time before I re-install my Firefox because of 2 reasons. I would tell you the results within 3 days after my first paper gets over.

OTL by Old Timer - Version 3.2.17.3 log created on 12102010_223428

Oh, BTW there was not a single thing in the web tab. 1st being that the 'saved password' contains my bro's password and I can't go with the uninstall without asking him.

Ophcrack is a free Windows password cracker based on rainbow tables. It is a very efficient implementation of rainbow tables done by the inventors of the method. It comes with a Graphical User Interface and runs on multiple platforms.

Unable to boot into Microsoft Windows due to Ransomware virus or Trojan?
Sometimes we find ourselves in deep trouble when our system refuses to boot up. More often than not, this is due to a viral infection. How do we go about cleaning the system without formatting when it fails to boot, even in safe mode? In situations like these, rescue disks become very useful. Today we’re going to talk about the free rescue disks available on the market. Basically, a rescue disk boots itself up before the system (Windows) in DOS and subsequently performs a system check for viruses and Trojans.

Avira Rescue System, because the virus definition for its rescue system is updated on a daily basis, whereas the others’ virus definitions for their rescue disks are updated on a monthly basis.

The problem is, how do you remove these FBI warning viruses without formatting your computer because of all the important files in your C drive? Here is a complete list of bootable USB and CD antivirus rescue software for Microsoft Windows. It is a good idea to clone your entire disk before performing the rescue in the event that something goes wrong.

Yesterday I received a comment from a reader in one of my previous posts and it said, “Hello!” How does one go about fixing, repairing and rescuing unbootable Windows without formatting? I guess I have downloaded the virus version because since I have downloaded it I cannot turn my computer on anymore; it keeps telling me that there is a problem with a new software and that I should put my Windows disc in and repair my computer.

In a situation like this, one can enter ‘safe mode’ during the loading of Windows and remove the virus or Trojan. However, in a small percentage of cases the virus has infected all the important Windows files required for a successful loading of ‘safe mode’, causing Windows to restart every time you load ‘safe mode’. To resolve this unbootable problem, you’ll need a bootable DOS antivirus.
Here are the top 7 bootable antivirus tools:

You can use the Rescue CD to scan your computer and quarantine harmful files. These free bootable CD and USB antivirus tools are able to remove crimeware that traditional virus scanning methods can’t. There are two main situations when you should use the Rescue CD: If the computer cannot be recovered, you can also use Rescue CD and a USB drive to save your important files. Note that if you copy data from the computer to the USB drive, this data may contain viruses or other harmful content.

Panda Cloud Cleaner Rescue ISO is a tool which allows you to scan computers or VMware images which, due to virus infections, will not start correctly. You must carry out the burning of the ISO image from a computer that is not infected with viruses or ransomware. The disinfection tool included in the ISO is Panda Cloud Cleaner. Works great on Microsoft’s Windows 10 and Apple’s macOS.

Keep your systems running smoothly with protection from AVG Rescue CD. If malware gets past your security software, AVG Rescue CD can get your PC back up and running. This comprehensive toolkit repairs system crashes and returns systems to operating at full capacity. AVG resellers have been using this same solution to recover their customers’ infected systems and now it’s available to your business, free of charge. It’s your system’s clean bill of health without the bill.

Boot your computer to Comodo Rescue Disk (CRD) and you can scan your entire system for viruses before Windows loads. Comodo Rescue Disk (CRD) is a bootable disk image that allows users to run virus scans in a pre-boot environment. It is a powerful virus, spyware and rootkit cleaner which works in both GUI and text mode. CRD can provide a more comprehensive and thorough scan than regular malware cleaning applications because it cleans your system before Windows is loaded.

Emergency system repair from a CD/DVD disk or a bootable USB drive.
Web Live Disk you can not only clean your system of infected and suspicious files but also copy important information to removable media or another computer; Dr. If the activities of malicious programs have made it impossible for you to boot a computer running Windows, you can recover the affected system for free using Dr. Web Live Disk also attempts to cure infected objects.

Kaspersky Rescue Disk is a free tool for disinfecting computers from malware which does not allow the operating system to start. Kaspersky Rescue Disk 10 is designed to scan and disinfect x86 and x64-compatible computers that have been infected. The application should be used when the infection is so severe that it is impossible to disinfect the computer using anti-virus applications or malware removal utilities (such as Kaspersky Virus Removal Tool) running under the operating system. In this case, disinfection is more efficient because malware programs do not gain control when the operating system is being loaded. In the emergency repair mode, you can only start objects, scan tasks, update databases, roll back updates and view statistics. Kaspersky Rescue Disk 10 allows performing the following actions. Configure objects scan settings:

If you have tried all other methods of removing a malware infection from your computer and you are still having problems, use the instructions below to download the Sophos Bootable Antivirus (SBAV) file and burn it to CD. The Sophos Bootable Antivirus (SBAV) tool allows you to scan and clean up a computer infected with malware without the need to load the infected operating system installed onto the local hard drive of a computer. This is useful if the state of the computer’s normal operating system – when booted – prevents cleanup by other means, or the Master Boot Record (MBR) of the computer’s hard drive is infected.

Sometimes, malicious and other potentially unwanted software, including rootkits, try to install themselves on your PC.
This can happen when you connect to the Internet or install some programs from a CD, DVD, or other media. Once on your PC, this software might run immediately, or it might run at unexpected times. Windows Defender Offline can help remove such hard-to-find malicious and potentially unwanted programs using definitions that recognize threats. Definitions are files that provide an encyclopedia of potential software threats. Because new threats appear daily, it’s important to always have the most up-to-date definitions installed in Windows Defender Offline. Armed with definition files, Windows Defender Offline can detect malicious and potentially unwanted software, and then notify you of the risks.

The Norton Bootable Recovery Tool comes as an ISO image that you can use to create bootable rescue media on DVD or USB drive. Using this media, you can start the computer, then scan for and remove the threats that caused the problem. Norton Bootable Recovery Tool is a rescue tool that is available for free to everyone. You can use this tool to restore your computer to normal working mode when it is infected so deeply that it will not start. Norton Bootable Recovery Tool (NBRT) can also be used to scan and remediate threats should you face difficulty in installing or running Norton products due to a virus infection in your computer. You have to download the ISO image and create a bootable DVD or USB rescue media.

The G DATA boot medium is a practical aid for detecting viruses that have already embedded themselves on your computer prior to installing the antivirus software. In the current version the boot medium is also capable of restoring all backups created with G DATA solutions (only available in the TOTAL PROTECTION solution). It must either be burnt to a CD/DVD or be mounted via a virtual drive so it can be used from a USB stick, for example. You can download the boot medium in the “Tools” download area.
Kickstart is the solution against police ransomware and other persistent malware that has taken your computer hostage or prevents normal computer use. When your PC has been infected with ransomware you see a message, supposedly from the police, FBI or other authorities, demanding that a fine must be paid in order to unlock the computer. Payment is done via prepaid cards from Ukash, MoneyPak or Paysafecard. All you need to do is boot up your system with the help of the HitmanPro. The programs on the flash drive will make sure that you boot into your own familiar Windows environment and start HitmanPro there. All the required drivers for your devices and all wireless network passwords (who can remember them? There is no need to become familiar with the tools of other operating systems, like for instance Linux.

ESET SysRescue Live is only intended as an on-demand scanning and removal tool to get rid of persistent threats. It is a malware cleaning tool that runs independently of the operating system from a CD, DVD, or a USB. It has direct access to the disk and the file system, and therefore is capable of removing the most persistent threats.

Antivirus Live CD is a 4MLinux fork including the ClamAV scanner. It’s designed for users who need a lightweight live CD, which will help them to protect their computers against viruses. Both Ethernet (including Wi-Fi) and dial-up (including fast USB modems) Internet connections are supported to enable automatic updates of the virus signature database. All partitions are mounted automatically during boot so that they can be scanned by ClamAV.

Panda SafeCD is a free utility to disinfect any operating system. Simply burn it to a CD or USB and boot your PC with Panda SafeCD to scan and disinfect your PC. This useful utility comes in handy when you need to clean a friend’s PC (or your own) from a malware-infested state.
It is especially useful for detecting and disinfecting malware infections which give regular AV products running within Windows a hard time.

The Avira Rescue System is a product that is able to scan, repair and undo changes that malware might have made to a Windows system, in particular to the registry. The new Rescue System is based on an adapted Ubuntu 12.04 LTS desktop system and runs on that platform as an independent application. Thus, it provides support for a broad range of hardware and drivers and should run on a large number of systems available on the market or used by customers. The Rescue System is a wizard-based product and therefore easy to use for any inexperienced consumer. The product also offers the possibility to scan and disinfect an operating system via the command line; unfortunately, the repair option is not supported in this mode. Product features:

Once a system is infected with malware it becomes difficult to remove that malware, as it is already embedded in the system and has control over many components which are key to the system’s operations. Malware, like rootkits, uses system components to hide itself and prevent other software from detecting or removing it. This is often a case of who gets there first; if the malware is able to get control of the system earlier on then it also has control over any software that may be run later. Besides just hiding, malware can also block the execution of other security applications. If you cannot install or run a security application in the first place then you cannot scan and detect the malware. The best time to remove this malware is when it is not running, but malware often starts with the operating system, so we would have to stop the operating system to stop the malware. On a shutdown OS nothing is running and malware like rootkits cannot hide themselves, so it would be easy to find and remove them.
Trend Micro Rescue Disk allows you to use a CD, DVD, or USB drive to examine your computer without launching Microsoft Windows. It finds and removes persistent or difficult-to-clean security threats that can lurk deep within your operating system. Rescue Disk does not need to load potentially infected system files into memory before trying to remove them. It can scan hidden files, system drivers, and the Master Boot Record (MBR) of your computer’s hard drive without disturbing the operating system.

Live CD is recommended for those who have damaged or unbootable Windows on the computer. With this disk, you can restore the normal operation of a Windows system damaged due to a virus attack.

F-Secure Rescue CD contains the Knoppix derivative of the Linux operating system, which can run completely from a CD and allows access to your PC’s operating system and hard disks. Use Rescue CD to boot up a PC you suspect has been infected, or has had its security software compromised. Once booted, you can check the installed programs and perform more advanced repair and data recovery operations.

Rescue your computer from the evil claws of nasty ransomware and boot-sector viruses. Anvi Rescue Disk was designed to be used when standard antivirus software fails to detect and clean various computer infections, especially boot-sector viruses like ransomware. The Anvi Rescue ISO image, Rescue.iso, can be burned on a CD/DVD or a bootable USB device using your disc burner to launch the infected computer from there to troubleshoot.

Trinity Rescue Kit or TRK is a free live Linux distribution that aims specifically at recovery and repair operations on Windows machines, but is equally usable for Linux recovery issues.
Since version 3.4 it has an easy-to-use scrollable text menu that allows anyone who masters a keyboard and some English to perform maintenance and repair on a computer, ranging from password resetting over disk cleanup to virus scanning.

Bitdefender Rescue CD is a free tool that scans and cleans your computer whenever you suspect a malware threat is affecting its operation. Bitdefender Rescue CD works without loading the operating system and can be set up either on a CD/DVD or on a USB flash drive. Because Bitdefender Rescue CD is powered by Linux OS, it comes packed with tons of features, just like Avira’s own rescue system. The best thing about this rescue CD is that when you boot using this CD and connect to the Internet, it can update the virus definition.
